TSA PreCheck: The Risk of the Reward

“The only useful airport security measures since 9/11 were locking and reinforcing the cockpit doors, so terrorists can’t break in, positive baggage matching and teaching the passengers to fight back. The rest is security theater.”

With his crushing bon mot, security-guru Bruce Schneier brilliantly described the intense screenings and arbitrary limitations on toiletries ushered in by the Transportation Security Administration (TSA) to convince the American public that something was being done to keep them safe after 9/11. In the 15 years since then, the government has overreached, spending billions on questionable technology, enacting rafts of new rules and turning flying into a far more upsetting, complicated procedure than it need be.

In the past few months the number of applications for TSA PreCheck has more than doubled to nearly 16,000 people a day. Apparently the widespread proliferation of news reports tallying the number of missed flights and excruciatingly long security queues at airports works better than the actual $1.2 million TSA paid to advertising specialists to promote its “risk-based security” program.

TSA Administrator Peter Neffenger testified before Congress in May that the agency now expects it to have 25 million passengers registered in the program by 2019, up from its current level of about 3 million. “One of my fundamental priorities is to dramatically expand the PreCheck population,” he told the House Homeland Security Committee.

All Your Data Are Belong to Us

Whether it’s due to an influx of passengers or a massive shortage of trained TSA officers, airports nationwide have been overwhelmed by frustratingly long security queues. In an effort to defuse tensions, airports are sending in the clowns, literally.

In San Diego, airport officials hired circus performers to entertain the grounded masses. “We certainly think [the clowns] will be at the checkpoints often, as people waiting in line are a great audience for them,” exclaimed airport spokesman Jonathan Heller.

Using clowns and miniature therapy horses (like at Cincinnati/Northern Kentucky International Airport) to alleviate traveler irritation is likely to have mixed results at best, but the same should be said for TSA’s PreCheck.

PreCheck lanes operate in more than 180 airports across the country. They permit members who provide DHS with detailed personal data, a photograph, and fingerprints to pass through the airport security with their shoes on and laptops stored in their carry-on bags. “With a 5 year, $85 membership, you can speed through security,” beams the TSA website.

Membership has its privileges. Along with being allowed to keep your belt on (quelle liberté!) while being screened, people enrolled in, or applying to, the program consent to have their personal data added to the FBI’s Next Generation Identification (NGI) database, shared with “federal, state, local, tribal, territorial, or foreign government agencies”, and DHS third-party “grantees, experts, [and] consultants” forever. The TSA, in language that seems downright boastful, says that “for as long as your fingerprints and associated information are retained in NGI, your information may be disclosed pursuant to your consent or without your consent.”

Applicants also agree to have their fingerprints entered into DHS’ Automatic Biometric Identification System (IDENT) “for recurrent immigration, law enforcement, and intelligence checks, including checks against latent prints associated with unsolved crimes.”

But isn’t housing photographs and personal data of men, women and children over 12 who are catching a flight to grandmas for Thanksgiving dinner in a criminal database a risky move? It’s practically begging for false-positives, data breaches and other errors.

A coalition of civil liberties advocates, including BORDC/DDF, said exactly that in a letter to the DOJ earlier this year. It cited research, including some authored by the FBI, indicating that “some of the biometrics at the core of NGI, like facial recognition, may misidentify African Americans, young people, and women at higher rates than whites, older people, and men, respectively.”

A major concern about the program is that it will generate false alarms when travelers share similar names and other personal data with individuals flagged as a risk. Critics of the program point to past mismatches, such as the 2004 revelation that airline agents tried to block then-Sen. Edward Kennedy from boarding because his name resembled an alias used by a suspected terrorist on a government watch list.

According to the FBI’s website, NGI “provides the criminal justice community with the world’s largest and most efficient electronic repository of biometric and criminal history information.” But many of its files are incomplete and don’t tell an accurate or complete story. A 2015 GAO report discovered that more than 10 states reporting to NGI contained files that were 50 percent or less complete.

Hundreds of thousands of job applicants each year are negatively impacted by incomplete FBI data, according to the National Employment Law Project (NELP), a workers’ employment rights advocacy organization. “Nearly half of FBI rap sheets failed to include information on the outcome of a case after an arrest—for example, whether a charge was dismissed or otherwise disposed of without a conviction, or if a record was expunged … routine omissions [which] seriously prejudice the employment prospects of an estimated 600,000 workers every year,” the group said.

Risky Business

TSA Chief Risk Officer Kenneth Fletcher, speaking at a data analytics conference in April, said the problem of long security lines won’t be solved with more screeners. Instead, the agency should continue to pursue and develop intelligence-driven security protocols that use data analysis to identify the pool of risky passengers. This perspective fits perfectly within the TSA’s evolution in becoming a “risk-based, intelligence-driven, professional counterterrorism agency” as it claims to aspire on its website.

The shift in airport security toward identifying risky passengers instead of prohibited items in your luggage is a major split with past policy. It means the government will want to know more about each passenger, to feed its secret algorithm that determines which PreCheck applicants are deemed “low-risk” enough to participate.

Trusted Traveler programs like PreCheck, Global Entry and NEXUS already bar people who have certain criminal records. But will TSA seek to review data that airlines and travel agents collect on their customers, including potentially confidential details from travel itineraries like destinations and meal preferences (e.g. kosher or halal)? And what happens to people whose applications are rejected, those considered “too risky” to keep their shoes on in line? Will they be told why they didn’t qualify or have a chance for redress?

A few years ago the agency proposed expanding the types of information it and its private-sector contractors would collect and review for PreCheck. TSA wanted to “collect all the commercial data, look at social media, look at things that may or may not be indicative of a threat, and then make a determination,” said Tom Bossert, former DHS official and now president of CDS Consulting. Fortunately, this effort was halted, but it’s unlikely to be the last try to broaden the program’s scope.

As enrollment in PreCheck surges, there is also a real danger that that this “whitelist” will gradually transform into a blacklist. Jay Stanley, Senior Policy Analyst at the ACLU’s Speech, Privacy, and Technology Project has written extensively about this slippery slope, saying, in part:

“A blacklist is a list of people who are subject to some disadvantage or sanction compared to the general population. A whitelist is a list of people who are subject to some advantage compared to the general population. But advantage and disadvantage are comparative terms; at a certain point, if the whitelist comprises 90% of the population, then what you really have is a de facto blacklist composed of the 10% of the population not included on the whitelist.”

As details emerge on how the government plan to distinguish between “trusted travelers” eligible for lighter screening and those who will receive more scrutiny, questions about the vast amounts of personal data to be reviewed, collected and stored continue to flourish. Americans are being asked to pay for the privilege of shorter wait times, but they shouldn’t be treated like criminals just to catch a flight.

Share this:

Suraj serves as the North American partner to CIVICUS Monitor, an international alliance that tracks events affecting civic space, treatment of protesters, the suppression of media, and other crackdowns on civil society in over 130 countries. He is also a co-author to Civil Society Under Strain, the first book to explore how the War on Terror impacted civil society and hurts humanitarian aid.

State & local leaders must reject the militarization of our streets - even if it takes dusting off the Third Amendment to protect our rights enshrined in the First. https://rightsanddissent.org/news/no-one-expects-the-third-amendment/